Telstra storing data on behalf of US government

Linton Besser

Telstra agreed more than a decade ago to store huge volumes of electronic communications it carried between Asia and America for potential surveillance by United States intelligence agencies.

Under the previously secret agreement, the telco was required to route all communications involving a US point of contact through a secure storage facility on US soil that was staffed exclusively by US citizens carrying a top-level security clearance.

The data Telstra stored for the US government includes the actual content of emails, online messages and phone calls.

The US Department of Justice and Federal Bureau of Investigation also demanded that Telstra "provide technical or other assistance to facilitate ... electronic surveillance".

In 2001, when the "network security agreement" was signed, Telstra was 50.1 per cent owned by the Commonwealth Government.

The revelations come as the British and US governments reel from the leaking of sensitive intelligence material that has detailed a vast electronic spying apparatus being used against foreign nationals and their own citizens.

Advertisement

This week, Fairfax Media reported that four Australian defence facilities are being used by the US in this intelligence collection regime, including Pine Gap and three secret signals facilities at Darwin, Geraldton and Canberra. The local centres are used in a National Security Agency surveillance program codenamed X-Keyscore.

Now, the latest revelations raise further questions about the extent of the Australian government's co-operation with the US global intelligence effort, as well as its own data collection regime.

The 2001 contract was prompted by Telstra's decision to expand into Asia by taking control of hundreds of kilometres of undersea telecommunications cables.

Telstra had negotiated with a Hong Kong company to launch Reach, which would become the largest carrier of intercontinental telecommunications in Asia. The venture's assets included not just the fibre-optic cables, but also "landing points" and licences around the world.

But when Reach sought a cable licence from the US Federal Communications Commission, the DOJ and the FBI insisted that the binding agreement be signed by Reach, Telstra, and its Hong Kong joint venture partner, Pacific Century CyberWorks Ltd (PCCW).

The contract does not authorise the company or law enforcement agencies to undertake actual surveillance. But under the deed, Telstra must preserve and "have the ability to provide in the United States" all of the following:

"Wire" or electronic communications involving any customers - including Australians - who make any form of communication with a point of contact in the US;

"Transactional data" and "call associated data" relating to such communications;

"Subscriber information"; and

"Billing records".

"All Domestic Communications ... shall pass through a facility ... physically located in the United States, from which Electronic Surveillance can be conducted pursuant to Lawful US Process," the contract says.

"The Domestic Communications Company [Reach] will provide technical or other assistance to facilitate such Electronic Surveillance."

The US facility had to be staffed by US citizens "eligible for appropriate US security clearances", who also "shall be available 24 hours per day, seven days per week, and shall be responsible for accepting service and maintaining the security of Classified Information".

It also makes it incumbent on Reach not to allow data and communications of interest to be destroyed.

Reach and Telstra were required to "take all reasonable measures" to prevent use of their infrastructure for surveillance by a foreign government. "These measures shall take the form of detailed technical, organisational, personnel related policies and written procedures, necessary implementation plans, and physical security measures," the contract says.

The document was signed by Douglas Gration, Telstra's then company secretary and now a Melbourne barrister.

His own webpage describes his responsibilities at the time to have included "liaising with law enforcement and national security agencies".

He told Fairfax he couldn't remember much about the agreement. "Every country has a regime for that lawful interception," he said. "And Australia has got it as well."

"It would be no surprise if you're setting up something like Reach, which I think from memory had a station where they man the traffic in the US. [So] they would need an agreement with the US to do that."

Reach has offices located in Hong Kong, Japan, Korea, Singapore, Taiwan and the UK. It also has two premises in the US, in New Jersey and San Francisco, either of which may house the secure storage facility stipulated by the contract.

In 2011, Telstra and PCCW restructured their partnership, giving Telstra control of the majority of Reach's undersea cables. The corporate restructuring most likely would have triggered a requirement to renegotiate the security deed with the US Government.

Scott Whiffin, a Telstra spokesman, said the agreement was required to "comply with US domestic law".

"It relates to a Telstra joint venture company's operating obligations in the United States under their domestic law. We understand similar agreements would be in place for all network infrastructure in the US."

"When operating in any jurisdiction, here or overseas, carriers are legally required to provide various forms of assistance to Government agencies."